Port forwarding on Mikrotik routers

To forward a port on the Mikrotik router, you need to open the “IP” – “Firewall” menu, select the “NAT” tab and add a new rule by clicking “Add new” or “+”.

In the window that opens, you must specify the following basic parameters:

Chain: dstnat (means that the connection will go from the external network to the internal).

Protocol: protocol, tcp / udp / …

Dst. Port: destination port that will be visible from the outside (1 – 65535).

In. interface: the incoming interface on which the above port is listening, for example “ether1-gateway”.

Action: netmap

To Addresses: the IP address of the network device/computer within the network from which you want to forward ports, for example 192.168.88.250

To Ports: the port you want to forward.
I will give several examples of ports: 3389/tcp – remote desktop, 80/tcp – web server, 23/tcp – telnet, 161/udp – snmp, 22/tcp – SSH, 1433/tcp – MS SQL Server, etc. )

To access the external IP of the router from the local network, you need to add two more rules.

First:
Chain: dstnat
Src. Address: 192.168.88.0/24 (internal network)
Dst. Address: ip router
Protocol: tcp
Dst. Port: port
Action: dst-nat
To Addresses: ip_internal_network
To Ports: port

Second:
Chain: srcnat
Src. Address: 192.168.88.0/24 (internal network)
Dst. Address: ip_devices_internal_net
Protocol: tcp
Dst. Port: port
Action: src-nat
To Addresses: 192.168.88.1 (internal router ip)

For example, to DVR Dahua you need to forward ports: 80 tcp, 554 tcp, 37777 tcp, 37778 udp. To view the port 37777 tcp is enough, if there are many cameras behind the router, then you can forward the ports 37779 tcp, 37979 tcp, etc., while the ports must be changed to the same ones on the cameras.

See also my articles:
Configure Hairpin NAT on RouterOS (Mikrotik)
Configuring Remote Access in Mikrotik Router

Leave a comment

Leave a Reply